This is the certificate that we installed in the host which was exported from the SMS

See if additional post I made about this helps.

Andy

https://community.checkpoint.com/t5/Security-Gateways/Https-inspection-tip/m-p/219139

The certificate needs to be explicitly imported into the Trusted Root Certification Authorities.
If you just click through and choose the defaults in the Import Certificate wizard, the certificate will not be trusted (thus the problem you are having).
When done correctly, it should show here (Invoke via Windows Run: certmgr.msc )

Think of it like this, as trivial as this may sound, but hopefully you will get an idea. If you go to any secure website in the world, you can see what is root CA, then sub CA and then actual "client" cert. So, say in CP context, again, trivial as this is, think of mgmt as root CA, then your fw as sub-CA thats issuing ssl cert for your clients and as @PhoneBoy indicated in his post, all of them has to be TRUSTED in order NOT to get the cert warnings.

Makes sense?

Andy

To help you even further, I took bunch of screenshots from my lab. PLEASE pay attention to things I pointed out in red, as those are important.

Andy

We have installed the updates of this section but we still have the same issue.

Personally, in my experience, those updates have nothing to do with the issue you have. You HAVE TO trust all the certs involved in a "chain" here not to get those warnings. Ie...whatever certs show when you click on untrusted cert on the web page, you need to export them, then install both of them (mgmt and gw one), put them in TRUSTED ROOT, make sure cert shows okay and Im 100% sure it will work just fine.

Andy

I understand that I have to export all certificates from sites that I have issues to access and install it on the gateway, but what happen with Microsoft Teams? 

I was doing some testing and I was able to fix the MS Teams part with the bypass rule.

Thats easiest/best way to fix those issues.

Good job!

Andy

Also, forgot to mention, as I find this very IMPORTANT. I always use multiple ordered layers when I build ssl inspection labs, as I find that traffic is processed much faster and inspection always works that way. So, say on 2nd ordered layer, I ONLY enable urlf+appc blades and approach it using blacklist, rather than whitelist. There is even sk about it, cant recall now what it is, but its also due to the reason that traffic has to be allowed via all ordered layers. Yes, you can "cram" it in one layer, but why suffer that way. I did that for one customer while back that came from Cisco world and only reason for it was because their boss did not feel comfortable having layer with any any allow at the bottom. No matter how many times I explaied it to him, did not help : - ). Anyway, we made it work, but probably took 10 extra hours, compared to doing it the way I described.

Andy